package org.esprit.ocm.server.metier.ec2.impl;

import java.util.logging.Level;
import java.util.logging.Logger;

import org.esprit.ocm.client.rpc.ec2.RulesService;
import org.esprit.ocm.dto.impl.AwsCredentialsDto;
import org.esprit.ocm.dto.impl.ServerDto;

import com.xerox.amazonws.ec2.Jec2;

public class RulesServiceImpl extends BaseServiceImpl implements RulesService {

	/**
	 * Add incoming permissions to a group by opening the given ports.
	 * 
	 * @param instance
	 * @param groupname
	 *            name of the group.
	 * @param protocol
	 *            e.g. "tcp", "udp", "icmp"
	 * @param portFrom
	 * @param portTo
	 * @param cidrIp
	 *            CIDR IP range to add (i.e. 0.0.0.0/0)
	 * 
	 * @return true if successfull, false else
	 */
	public boolean addPermission(String groupname, String protocol, int portFrom, int portTo, String cidrIp, ServerDto server,
			AwsCredentialsDto credentials) {

		// initialize the interface
		Jec2 ec2 = this.initConnection(server, credentials);

		try {

			ec2.authorizeSecurityGroupIngress(groupname, protocol, portFrom, portTo, cidrIp);

			return true;

		} catch (Exception ex) {
			Logger logger = Logger.getLogger(this.getClass().getName());
			logger.log(Level.SEVERE, "Adding incoming permissions failed: " + ex.getMessage());

			return false;
		}

	}

	/**
	 * Adds a permission associated to an group/owner.
	 * 
	 * @param groupname
	 *            name of group to modify
	 * @param secGroupName
	 *            name of security group to add access
	 * @param secGroupOwnerId
	 *            owner of security group
	 * @return
	 */
	public boolean addPermission(String groupname, String secGroupName, String secGroupOwnerId, ServerDto server, AwsCredentialsDto credentials) {

		// initialize the interface
		Jec2 ec2 = this.initConnection(server, credentials);

		try {

			ec2.authorizeSecurityGroupIngress(groupname, secGroupName, secGroupOwnerId);

			return true;

		} catch (Exception ex) {
			Logger logger = Logger.getLogger(this.getClass().getName());
			logger.log(Level.SEVERE, "Adding incoming permissions for source 'group' failed: " + ex.getMessage());

			return false;
		}

	}

	/**
	 * Revokes permissions that were added using <code>addPermission()</code>.
	 * 
	 * @param instance
	 * @param groupname
	 * @param protocol
	 * @param portFrom
	 * @param portTo
	 * @param cidrIp
	 *            CIDR IP range to add (i.e. 0.0.0.0/0)
	 * 
	 * @return true if successfull, false else
	 */
	public boolean removePermission(String groupname, String protocol, int portFrom, int portTo, String cidrIp, ServerDto server,
			AwsCredentialsDto credentials) {

		// initialize the interface
		Jec2 ec2 = this.initConnection(server, credentials);

		try {

			ec2.revokeSecurityGroupIngress(groupname, protocol, portFrom, portTo, cidrIp);

			return true;

		} catch (Exception ex) {
			Logger logger = Logger.getLogger(this.getClass().getName());
			logger.log(Level.SEVERE, "Revoking incoming permissions failed: " + ex.getMessage());

			return false;
		}

	}

	/**
	 * Revokes a permission associated to an group/owner.
	 * 
	 * @param groupname
	 *            name of group to modify
	 * @param secGroupName
	 *            name of security group to revoke access from
	 * @param secGroupOwnerId
	 *            owner of security group to revoke access from
	 * @return
	 */
	public boolean removePermission(String groupname, String secGroupName, String secGroupOwnerId, ServerDto server, AwsCredentialsDto credentials) {

		// initialize the interface
		Jec2 ec2 = this.initConnection(server, credentials);

		try {

			ec2.revokeSecurityGroupIngress(groupname, secGroupName, secGroupOwnerId);

			return true;

		} catch (Exception ex) {
			Logger logger = Logger.getLogger(this.getClass().getName());
			logger.log(Level.SEVERE, "Revoking group/owner permissions failed: " + ex.getMessage());

			return false;
		}

	}
}
